We’re trying to pull every OAuth client in the org so the desktop widget can validate scope attachments before a token refresh. Started by hitting /api/v2/oauth/clients with a basic GET request, but the pagination logic is breaking the loop. The SDK method apiV2Client.OAuthApi.getOauthClients() returns a page object, yet iterating through the entities only grabs twenty items. Tried adding pageSize=500 to the query string, which works locally, but production doesn’t throw a clear error. Looking at the raw JSON, each client has a scopes array, but several entries show empty brackets even though the admin UI lists conversation:read. Walking through the response, the code checks if (client.scopes.length === 0) and logs a warning, but that misses lazy-loaded assignments the platform hides until you expand division metadata. The lastModifiedTime field is also null on older clients.
The issue spikes when cross-referencing those IDs against our internal registry. Wrote a mapper that runs fetch(/api/v2/oauth/clients/${id}/scopes) per entry, but that endpoint returns a 404 on half the batch. Switched to checking the permissions object inside the main response, but the property names don’t match the docs. Here’s the current check: const hasRequiredScope = client.scopes?.includes(‘oauth:client:read’) ?? false; which consistently evaluates to false even when the panel shows it’s active. Pagination cursor handling is messy since nextPageUri sometimes points to a relative path. Just need a reliable way to batch verify those assignments without triggering rate limits.